Infracore LLC Blog

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like Infracore LLC are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to Infracore LLC at (858) 509-1970.

Tip of the Week: A Secure 2018 Relies on Powerful ...
Personalities are Key to Successful Networking
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, January 18 2019

Captcha Image

Tag Cloud

Tip of the Week Security Technology Best Practices Privacy Cloud Google Business computing Network Security Microsoft Hackers Data Malware Hosted Solutions User Tips Innovation Software Backup Internet Business Hardware Tech Term Smartphones Mobile Devices Data Backup Business Continuity Browser Smartphone Email Windows 10 VoIP Computer Android IT Services Productivity Managed IT Services Alert Workplace Tips Disaster Recovery Communications Small Business Data Recovery Business Management Cloud Computing Outsourced IT Computers Communication Miscellaneous Managed IT Services Chrome Artificial Intelligence Router Ransomware Office Efficiency Cybercrime Law Enforcement Network Windows 10 Social Media Password Applications Facebook Virtualization Windows Telephone Systems IT Support Holiday Internet of Things Collaboration Cybersecurity Productivity Money Passwords Office 365 How To Social Engineering Gadgets Information Mobile Device Google Drive Automation Word Work/Life Balance Quick Tips Saving Money Upgrade Server App Spam Health Wi-Fi Mobile Device Management Mobility Private Cloud Two-factor Authentication Bring Your Own Device Phishing Save Money Connectivity Apps Data Security Managed Service HaaS Office Tips Keyboard BDR IT Support Vulnerability Microsoft Office Scam Settings Data Breach Data Protection Hacking Voice over Internet Protocol Managed Service Provider Business Intelligence OneNote Automobile Samsung IT Management Government Blockchain Electronic Medical Records Redundancy Servers Update Spam Blocking Bandwidth Identity Theft Training Avoiding Downtime Infrastructure Encryption Entertainment Paperless Office Data Management USB Value IT Plan Public Cloud Firewall Operating System Networking Marketing VPN Machine Learning Unsupported Software Virtual Assistant Human Resources Employer-Employee Relationship Remote Monitoring End of Support Google Docs Battery Fraud Access Control Charger History Patch Management Managed IT Telephone System Comparison Telephony Sports Cleaning Remote Computing Website CES Windows 7 Software as a Service Worker Botnet Big Data BYOD PDF Flexibility Computer Care Data Storage Content Management Legal Workers Addiction Books Assessment Wireless Digital Signature Employer Employee Relationship Start Menu Document Management Microchip Wearable Technology Cryptocurrency Audit IT Consultant Monitor Online Shopping Smart Tech Social Best Practice eWaste Benefits Excel Remote Worker Hosted Computing Cache IT solutions Television Physical Security Millennials Computer Accessories Tools Search Engine Safe Mode Information Technology Multi-Factor Security HIPAA Computer Fan Leadership Sync Wireless Internet Warranty Techology Users Evernote HVAC Vendor Content Humor Internet Exlporer WiFi Criminal Tip of the week Wiring Credit Cards Inventory Vendor Management Data loss Files Password Manager Emergency Public Computer Search Workforce Bluetooth Downtime Bing Troubleshooting webinar Loyalty Instant Messaging Hybrid Cloud Trending Save Time The Internet of Things Wire Printer Virtual Reality Data storage Wireless Charging Devices Enterprise Content Management Display Video Games Audiobook Smart Technology Windows 10s Current Events Windows Server 2008 Unified Threat Management Screen Mirroring Business Mangement HBO MSP How to Accountants Root Cause Analysis YouTube Help Desk Thought Leadership Conferencing SaaS Software Tips Apple Staff FENG Mouse Worker Commute Cortana Cast Password Management Security Cameras Internet exploMicrosoft Two Factor Authentication Knowledge Mobile Computing Education Amazon Authentication Experience Gmail Outlook File Sharing Black Market Telecommuting Risk Management Google Apps Emails iPhone Specifications Hiring/Firing Skype Smart Office Administrator Music NIST Hacker Scalability Advertising Solid State Drive Network Congestion Flash Camera Computing Infrastructure Amazon Web Services Nanotechnology Shortcuts Relocation User Error Recovery Recycling Transportation Safety Frequently Asked Questions Augmented Reality Remote Work Practices Politics Rootkit Meetings Travel Webinar Regulation Smartwatch Printers CrashOverride Thank You Company Culture Twitter Compliance Managing Stress Congratulations

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

AngusCousens Preventing Identity Theft Should be a Priority, But Do You Know How to Handle It?
27 December 2018
What a good story you have written and I feel good reading about your story and we should share thin...
George Nivison Bring Your Own Device Is Great...When Applied Properly
21 December 2018
If you think you device get slow then try once again for the device sharing speed with the connectin...
Chantale Bass Tip of the Week: How to Use Tabs to Their Full Potential
15 December 2018
Tabs we need to use only with the ways of the potentially uses from the internet use and also for th...
JoseSClark How You Can Get Microsoft Office Certified
14 December 2018
Many users want to get Microsoft Office certified for theirselve and it was a good post for them. Re...
Donna Brock 3 Significant Ways the Cloud Can Grow Your Business
13 December 2018
In every field of life technology have a big name and now technology provide the facility to save yo...